Impact
Based on the description, it is inferred that the plugin is missing an authorization check, which allows unauthenticated or improperly authorized users to perform privileged operations. Because the access control security levels are incorrectly configured, an attacker could exploit the flaw to access or manipulate features that should be restricted, such as generating shared PDFs or printing options. This insufficient access control (CWE-862) can compromise both the confidentiality of documents and the integrity of the printing process by exposing those capabilities to users who should not have them.
Affected Systems
The weakness affects the XforWooCommerce Share, Print and PDF Products for WooCommerce plugin in all releases from the initial release up to and including version 3.1.2, so any site still running one of those versions is exposed.
Risk and Exploitability
The CVSS score of 5.3 indicates moderate severity. The EPSS score of <1% indicates that the probability of exploitation is currently low, and the vulnerability is not listed in the CISA KEV catalog. Attackers can reach the flaw over the web interface, so the vulnerability is potentially remotely exploitable. Because it is an access control issue, any user who can interact with the plugin’s features without being properly authorized could leverage the flaw. The confidentiality impact inferred from the data is that an attacker could view or obtain shared PDFs or other documents that should be protected.